1025 matches found
CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui
parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers ...
CVE-2024-4897
The CVE-2024-4897 entry affects parisneo/lollms-webui via an insecure dependency on llama-cpp-python (llama_cpp_python-0.2.61+cpuavx2-...), with exploitation possible through the bindings_zoo feature when processing gguf model files. Connected Red Hat CVE-2024-34359 documents explain that the roo...
CVE-2024-38525
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
PT-2024-28052 · Unknown · Nlohmann/Json +1
Name of the Vulnerable Software and Affected Versions: dd-trace-cpp versions prior to 0.2.2. Description: The issue occurs when the library fails to extract trace context due to malformed unicode. It attempts to log the list of audited headers and their values using the nlohmann JSON library...
PT-2024-28356 · Dumpts · Dumpts
Name of the Vulnerable Software and Affected Versions: DumpTS version 0.1.0-nightly. Description: A Heap Buffer Overflow issue allows attackers to cause a denial of service. This is achieved via the function PushTSBuf located at /src/PayloadBuf.cpp. Recommendations: For DumpTS version 0.1.0-nightl...
MAL-2024-2596 Malicious code in launchdarkly-cpp-server (npm)
Microsoft Authentication Library Race Condition Vulnerability
Microsoft Authentication Library (MSAL) is an authentication library from Microsoft Corporation. A race condition vulnerability exists in Microsoft Authentication Library. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:...
RHEL 6 : qpid-cpp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpid-cpp: anonymous access to qpidd cannot be prevented (CVE-2015-0223) - qpid-cpp: AMQP 0-10 protocol...
RHEL 7 : qpid-cpp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpid-cpp: anonymous access to qpidd cannot be prevented (CVE-2015-0223) - qpid-cpp: AMQP 0-10 protocol...
SUSE CVE-2021-47516
In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when allocation of the cache fails, this CPP area structure is not freed, which will...
Fedora: Security Advisory (FEDORA-2024-bb70b21754)
The remote host is missing an update for the ...
CVE-2021-47516
In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when allocation of the cache fails, this CPP area structure is not freed, which will...
DEBIAN-CVE-2021-47516
In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when allocation of the cache fails, this CPP area structure is not freed, which will...
CVE-2021-47516 nfp: Fix memory leak in nfp_cpp_area_cache_add()
In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when allocation of the cache fails, this CPP area structure is not freed, which will...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a memory leak vulnerability in nfp_cpp_area_cache_add()...
CVE-2024-34359
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The __init__ constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...
GHSA-56XG-WFCC-G829 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Description: llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The __init__ constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...